WO2008063417A3 - Resource level role based access control for storage management - Google Patents
- Publication number
- WO2008063417A3
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- identifying information
- based access
- role
- resource
- access control
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
A method, apparatus, and system for providing role-based access control (RBAC) for storage management are described herein. Resource-identifying information is stored in a role-based access database for a network storage system, in association with role-identifying information for each of a plurality of roles and operation-identifying information. The operation-identifying information indicates one or more authorized operations for each of the plurality of roles and the resource-identifying information identifies specific resources maintained by the network storage system. The role-identifying information, data indicating one or more authorized operations for at least one of the roles, and resource-specific identifying information in the role-based access database are used to determine whether to allow or deny a request from a network storage client to access a resource maintained by the network storage system.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/601,096 US20080120302A1 (en) | 2006-11-17 | 2006-11-17 | Resource level role based access control for storage management |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2008063417A2 (en) | 2008-05-29 |
WO2008063417A3 (en) | 2008-11-06 |
Family
ID=39400981
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2007/023418 WO2008063417A2 (en) | 2006-11-17 | 2007-11-06 | Resource level role based access control for storage management |
Country Status (2)
Country | Link |
---|---|
US (1) | US20080120302A1 (en) |
WO (1) | WO2008063417A2 (en) |
Families Citing this family (63)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080244736A1 (en) * | 2007-03-30 | 2008-10-02 | Microsoft Corporation | Model-based access control |
US7913529B2 (en) * | 2007-08-28 | 2011-03-29 | Cisco Technology, Inc. | Centralized TCP termination with multi-service chaining |
US8302201B1 (en) * | 2007-09-28 | 2012-10-30 | Emc Corporation | Security and licensing with application aware storage |
US20090157686A1 (en) * | 2007-12-13 | 2009-06-18 | Oracle International Corporation | Method and apparatus for efficiently caching a system-wide access control list |
US8140693B2 (en) * | 2008-05-15 | 2012-03-20 | Hewlett-Packard Development Company, L.P. | Method and system for allocating on-demand resources using a connection manager |
US8677453B2 (en) | 2008-05-19 | 2014-03-18 | Cisco Technology, Inc. | Highly parallel evaluation of XACML policies |
US8352470B2 (en) * | 2008-05-23 | 2013-01-08 | International Business Machines Corporation | Adaptive aggregation: improving the performance of grouping and duplicate elimination by avoiding unnecessary disk access |
US20100031312A1 (en) * | 2008-07-29 | 2010-02-04 | International Business Machines Corporation | Method for policy based and granular approach to role based access control |
DE102008046639B4 (en) | 2008-09-09 | 2011-02-24 | Adrian Dr. Spalka | Method for providing at least one service via a server system |
US8788666B2 (en) | 2008-12-31 | 2014-07-22 | Sap Ag | System and method of consolidated central user administrative provisioning |
US8856881B2 (en) * | 2009-02-26 | 2014-10-07 | Genpact Global Holdings (Bermuda) Ltd. | Method and system for access control by using an advanced command interface server |
US8555055B2 (en) * | 2009-06-02 | 2013-10-08 | Microsoft Corporation | Delegation model for role-based access control administration |
US20110055276A1 (en) * | 2009-08-26 | 2011-03-03 | Brocade Communications Systems, Inc. | Systems and methods for automatic inclusion of entities into management resource groups |
US10540508B2 (en) * | 2009-09-17 | 2020-01-21 | Oracle International Corporation | Method and apparatus for securing a database configuration |
US8869295B2 (en) * | 2009-10-26 | 2014-10-21 | Bank Of America Corporation | Automated privacy enforcement |
CN102088351B (en) * | 2009-12-08 | 2014-10-08 | 长春吉大正元信息技术股份有限公司 | Authorization management system and implementation method thereof |
CN102088350B (en) * | 2009-12-08 | 2014-04-16 | 长春吉大正元信息技术股份有限公司 | Directory service-based authorization management system and implementation method thereof |
US9953178B2 (en) * | 2010-02-03 | 2018-04-24 | Os Nexus, Inc. | Role based access control utilizing scoped permissions |
US8635707B1 (en) * | 2010-06-29 | 2014-01-21 | Emc Corporation | Managing object access |
TW201211822A (en) * | 2010-09-07 | 2012-03-16 | Qsan Technology Inc | Role-based access control method in iSCSI storage subsystem |
CN103052957A (en) * | 2010-10-25 | 2013-04-17 | 株式会社日立制作所 | Storage apparatus and management method thereof |
US9514204B2 (en) * | 2010-11-16 | 2016-12-06 | Gazit Group Usa, Inc. | Mobile digital property portfolio management system |
US8620882B2 (en) * | 2010-12-29 | 2013-12-31 | Emc Corporation | Tokenization of multiple-field records |
US8479302B1 (en) * | 2011-02-28 | 2013-07-02 | Emc Corporation | Access control via organization charts |
US9495393B2 (en) | 2011-07-27 | 2016-11-15 | EMC IP Holding Company, LLC | System and method for reviewing role definitions |
US9396347B2 (en) * | 2011-09-01 | 2016-07-19 | Microsoft Technology Licensing, Llc | Providing status of site access requests |
CN102523197B (en) * | 2011-11-23 | 2015-09-02 | 何伦 | Enterprise's social information exchange method, server and enterprise's social networking system |
US20130218621A1 (en) * | 2012-02-22 | 2013-08-22 | Xerox Corporation | Method and system for managing deadline sensitive tasks |
US9081950B2 (en) * | 2012-05-29 | 2015-07-14 | International Business Machines Corporation | Enabling host based RBAC roles for LDAP users |
US9495380B2 (en) | 2012-12-20 | 2016-11-15 | Bank Of America Corporation | Access reviews at IAM system implementing IAM data model |
US9189644B2 (en) | 2012-12-20 | 2015-11-17 | Bank Of America Corporation | Access requests at IAM system implementing IAM data model |
US9489390B2 (en) | 2012-12-20 | 2016-11-08 | Bank Of America Corporation | Reconciling access rights at IAM system implementing IAM data model |
US9537892B2 (en) | 2012-12-20 | 2017-01-03 | Bank Of America Corporation | Facilitating separation-of-duties when provisioning access rights in a computing system |
US9529629B2 (en) | 2012-12-20 | 2016-12-27 | Bank Of America Corporation | Computing resource inventory system |
US9542433B2 (en) | 2012-12-20 | 2017-01-10 | Bank Of America Corporation | Quality assurance checks of access rights in a computing system |
US9477838B2 (en) | 2012-12-20 | 2016-10-25 | Bank Of America Corporation | Reconciliation of access rights in a computing system |
US9639594B2 (en) | 2012-12-20 | 2017-05-02 | Bank Of America Corporation | Common data model for identity access management data |
US9483488B2 (en) | 2012-12-20 | 2016-11-01 | Bank Of America Corporation | Verifying separation-of-duties at IAM system implementing IAM data model |
CN104584063A (en) * | 2013-01-29 | 2015-04-29 | 泰尔茂株式会社 | Medical information management device, medical information management system, and control method for medical information management device |
US10326734B2 (en) * | 2013-07-15 | 2019-06-18 | University Of Florida Research Foundation, Incorporated | Adaptive identity rights management system for regulatory compliance and privacy protection |
CN103645982B (en) * | 2013-11-29 | 2017-11-14 | 北京奇虎科技有限公司 | Log processing method and client |
CN103699849A (en) * | 2013-12-23 | 2014-04-02 | 国云科技股份有限公司 | Data access authorization protection method |
US9614851B1 (en) * | 2014-02-27 | 2017-04-04 | Open Invention Network Llc | Security management application providing proxy for administrative privileges |
US9471803B2 (en) * | 2014-08-07 | 2016-10-18 | Emc Corporation | System and method for secure multi-tenancy in an operating system of a storage system |
CN104301149A (en) * | 2014-10-27 | 2015-01-21 | 浪潮(北京)电子信息产业有限公司 | Multi-data-center permission management method and system |
US9465752B2 (en) | 2014-12-12 | 2016-10-11 | Software Ag Usa, Inc. | Systems and/or methods for policy-based access to data in memory tiers |
CN104462937B (en) * | 2014-12-17 | 2017-05-17 | 中国人民解放军国防科学技术大学 | Operating system peripheral access permission control method based on users |
US10387263B2 (en) | 2014-12-31 | 2019-08-20 | Netapp, Inc. | Centralized management center for managing storage services |
US9977912B1 (en) * | 2015-09-21 | 2018-05-22 | EMC IP Holding Company LLC | Processing backup data based on file system authentication |
US20170147158A1 (en) * | 2015-11-19 | 2017-05-25 | Netapp, Inc. | Methods and systems for managing gui components in a networked storage environment |
US10958658B2 (en) * | 2017-06-15 | 2021-03-23 | Michael T. Jones | Systems and methods for differentiated identification for configuration and operation |
JP6894985B2 (en) | 2017-07-14 | 2021-06-30 | ヒタチ ヴァンタラ コーポレーションHitachi Vantara Corporation | Methods, devices, and systems for controlling user access to data storage systems |
CN107895123A (en) * | 2017-11-13 | 2018-04-10 | 医渡云(北京)技术有限公司 | Data access authority control method and device, method for managing user right |
US10565081B2 (en) * | 2017-12-28 | 2020-02-18 | Cerner Innovation, Inc. | Data protection manager |
US11451554B2 (en) | 2019-05-07 | 2022-09-20 | Bank Of America Corporation | Role discovery for identity and access management in a computing system |
US11755760B2 (en) * | 2019-10-18 | 2023-09-12 | Asg Technologies Group, Inc. | Systems and methods for secure policies-based information governance |
CN111193905B (en) * | 2019-12-24 | 2022-11-01 | 视联动力信息技术股份有限公司 | Monitoring resource allocation method and device and readable storage medium |
CN111488595B (en) * | 2020-03-27 | 2023-03-28 | 腾讯科技(深圳)有限公司 | Method for realizing authority control and related equipment |
US11641360B2 (en) * | 2020-06-30 | 2023-05-02 | At&T Intellectual Property I, L.P. | Role-based access control with complete sets of granular roles |
CN112350997A (en) * | 2020-10-16 | 2021-02-09 | 杭州安恒信息技术股份有限公司 | Database access right control method and device, computer equipment and storage medium |
CN112528249A (en) * | 2020-12-18 | 2021-03-19 | 杭州立思辰安科科技有限公司 | Authority management method and device suitable for network security management platform |
US11797505B2 (en) * | 2021-04-30 | 2023-10-24 | Hewlett Packard Enterprise Development Lp | Column browser for navigating hierarchical data structures |
USD977511S1 (en) | 2021-04-30 | 2023-02-07 | Hewlett Packard Enterprise Development Lp | Display with animated graphical user interface |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19954358A1 (en) * | 1999-01-07 | 2000-07-20 | Hewlett Packard Co | User role access controller has computer-legible storage media and program code resident in the media for generating one or more user roles |
EP1124172A2 (en) * | 2000-02-07 | 2001-08-16 | Emc Corporation | Controlling access to a storage device |
WO2002050691A1 (en) * | 2000-12-19 | 2002-06-27 | Mediagate, Inc. | Software architecture for interaction with dynamic data sources and role based access control |
WO2002073436A1 (en) * | 2001-03-09 | 2002-09-19 | Arcot Systems, Inc. | Efficient computational techniques for authorization control |
US20050193196A1 (en) * | 2004-02-26 | 2005-09-01 | Ming-Yuh Huang | Cryptographically enforced, multiple-role, policy-enabled object dissemination control mechanism |
US20060010483A1 (en) * | 2004-07-12 | 2006-01-12 | International Business Machines Corporation | Inherited role-based access control system, method and program product |
Family Cites Families (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0697662B1 (en) * | 1994-08-15 | 2001-05-30 | International Business Machines Corporation | Method and system for advanced role-based access control in distributed and centralized computer systems |
US5761669A (en) * | 1995-06-06 | 1998-06-02 | Microsoft Corporation | Controlling access to objects on multiple operating systems |
US6023765A (en) * | 1996-12-06 | 2000-02-08 | The United States Of America As Represented By The Secretary Of Commerce | Implementation of role-based access control in multi-level secure systems |
US6088679A (en) * | 1997-12-01 | 2000-07-11 | The United States Of America As Represented By The Secretary Of Commerce | Workflow management employing role-based access control |
US6457130B2 (en) * | 1998-03-03 | 2002-09-24 | Network Appliance, Inc. | File access control in a multi-protocol file server |
US7673323B1 (en) * | 1998-10-28 | 2010-03-02 | Bea Systems, Inc. | System and method for maintaining security in a distributed computer network |
US20040199765A1 (en) * | 1999-08-20 | 2004-10-07 | Children's Medical Center Corporation | System and method for providing personal control of access to confidential records over a public network |
US7013485B2 (en) * | 2000-03-06 | 2006-03-14 | I2 Technologies U.S., Inc. | Computer security system |
US7185192B1 (en) * | 2000-07-07 | 2007-02-27 | Emc Corporation | Methods and apparatus for controlling access to a resource |
US7096222B2 (en) * | 2000-09-01 | 2006-08-22 | Borland Software Corporation | Methods and systems for auto-instantiation of storage hierarchy for project plan |
US6757901B1 (en) * | 2000-12-21 | 2004-06-29 | Cisco Technology, Inc. | Method and system for setting expressions in network management notifications at an agent |
US6985955B2 (en) * | 2001-01-29 | 2006-01-10 | International Business Machines Corporation | System and method for provisioning resources to users based on roles, organizational information, attributes and third-party information or authorizations |
US7788700B1 (en) * | 2002-05-15 | 2010-08-31 | Gerard A. Gagliano | Enterprise security system |
US7653930B2 (en) * | 2003-02-14 | 2010-01-26 | Bea Systems, Inc. | Method for role and resource policy management optimization |
US7404203B2 (en) * | 2003-05-06 | 2008-07-22 | Oracle International Corporation | Distributed capability-based authorization architecture |
US7424533B1 (en) * | 2003-05-23 | 2008-09-09 | Cisco Technology, Inc. | Method and apparatus for role-based access control |
US20050021977A1 (en) * | 2003-06-25 | 2005-01-27 | Microsoft Corporation | Expression-based access control |
WO2005008458A1 (en) * | 2003-07-11 | 2005-01-27 | Computer Associates Think, Inc. | System and method for providing java server page security |
US7650644B2 (en) * | 2003-11-25 | 2010-01-19 | Sap Aktiengesellschaft | Object-based access control |
US7774601B2 (en) * | 2004-04-06 | 2010-08-10 | Bea Systems, Inc. | Method for delegated administration |
US7340469B1 (en) * | 2004-04-16 | 2008-03-04 | George Mason Intellectual Properties, Inc. | Implementing security policies in software development tools |
US7546297B2 (en) * | 2005-03-14 | 2009-06-09 | Microsoft Corporation | Storage application programming interface |
US8762552B2 (en) * | 2005-04-13 | 2014-06-24 | Brocade Communications Systems, Inc. | Fine granularity access control for a storage area network |
US7748027B2 (en) * | 2005-05-11 | 2010-06-29 | Bea Systems, Inc. | System and method for dynamic data redaction |
US7774827B2 (en) * | 2005-06-06 | 2010-08-10 | Novell, Inc. | Techniques for providing role-based security with instance-level granularity |
US20070276951A1 (en) * | 2006-05-25 | 2007-11-29 | Nicholas Dale Riggs | Apparatus and method for efficiently and securely transferring files over a communications network |
US8381306B2 (en) * | 2006-05-30 | 2013-02-19 | Microsoft Corporation | Translating role-based access control policy to resource authorization policy |
US8336078B2 (en) * | 2006-07-11 | 2012-12-18 | Fmr Corp. | Role-based access in a multi-customer computing environment |
- 2006-11-17: US application US11/601,096, published as US20080120302A1 (status: not active, Abandoned)
- 2007-11-06: WO application PCT/US2007/023418, published as WO2008063417A2 (status: active, Application Filing)
Also Published As
Publication number | Publication date |
---|---|
WO2008063417A2 (en) | 2008-05-29 |
US20080120302A1 (en) | 2008-05-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2008063417A3 (en) | Resource level role based access control for storage management | |
US8850041B2 (en) | Role based delegated administration model | |
CN103379089B (en) | Access control method and system thereof based on security domain separation | |
CN103368765B (en) | A kind of privileges of management system adding method and device | |
US20130086648A1 (en) | Updating resource access permissions in a virtual computing environment | |
WO2006002018A3 (en) | Geospatial information system and method for updating same | |
CN103026352A (en) | Automatic removal of global user security groups | |
WO2009155473A3 (en) | Information rights management | |
SG155065A1 (en) | Interoperable systems and methods for peer-to-peer service orchestration | |
WO2011091158A3 (en) | System and method for performing project management attendant to any of various types of projects | |
WO2004109443A3 (en) | Managing data objects in dynamic, distributed and collaborative contexts | |
CN101593260A (en) | A kind of application process of privileges of management system and device | |
CN101895551A (en) | Resource access control method and system | |
US20120185528A1 (en) | Session allocation for distributed virtual desktop architecture | |
US9692779B2 (en) | Device for quantifying vulnerability of system and method therefor | |
US20090106844A1 (en) | System and method for vulnerability assessment of network based on business model | |
WO2008029393A3 (en) | Method for managing simultaneous modification of database objects during development | |
CN105827645B (en) | Method, equipment and system for access control | |
CN107358122A (en) | The access management method and system of a kind of data storage | |
WO2008126202A1 (en) | Load distribution program for storage system, load distribution method for storage system, and storage management device | |
CN103763369A (en) | Multi-permission distribution method based on SAN storage system | |
CN114726639B (en) | Automatic arrangement method and system for access control policy | |
CN108924086A (en) | A kind of host information acquisition method based on TSM Security Agent | |
CN105069366A (en) | Account registration and management method and device | |
US8701202B2 (en) | Method for granting an access authorization for a computer-based object in an automation system, computer program and automation system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 07861774 Country of ref document: EP Kind code of ref document: A2 |